Security Engineer

💰 $115K–$185K salary range

Median: $143K  ·  Based on 460 public job postings  ·  Updated June 29, 2026

What is a Security Engineer?

A security engineer designs, builds, and maintains the security controls, tooling, and processes that protect a company's systems and data. At a startup, security engineers often own the entire security function: application security, cloud security, identity management, compliance programs (SOC 2, ISO 27001), and incident response. Security has moved from a box-checking compliance exercise to a product differentiator — especially for companies selling to enterprise customers.

‍

At what stage should you hire a Security Engineer?

Series A through Series B, once enterprise deals are requiring security questionnaires and SOC 2 certification, or when you handle sensitive customer data that creates real liability if breached. Security engineers who join at Series A can build security right into the architecture; joining at Series C means retrofitting security into systems designed without it — significantly harder and more expensive.

‍

Common titles for this role

• Security Engineer
• Application Security Engineer
• Cloud Security Engineer
• Security Software Engineer
• Information Security Engineer
• Product Security Engineer

‍

What does a Security Engineer do at a startup?

• Conduct security design reviews and threat modeling for new features and architecture
• Run application security testing: SAST, DAST, dependency scanning, penetration testing
• Implement and maintain cloud security controls: IAM policies, network segmentation, secrets management
• Build and maintain the compliance program: SOC 2 Type II, ISO 27001, HIPAA, or FedRAMP as required
• Respond to security incidents: containment, investigation, remediation, and postmortems
• Build security tooling: automated vulnerability scanning, SIEM, alerting
• Train engineers on secure coding practices and security awareness

‍

Key skills and qualifications

• Strong software engineering background — security engineers who can't code are security analysts
• Application security expertise: OWASP Top 10, secure SDLC, code review for vulnerabilities
• Cloud security experience: AWS/GCP/Azure security services, IAM, network security groups
• Compliance knowledge: SOC 2, ISO 27001, or industry-specific frameworks
• Security tooling proficiency: SAST/DAST tools, vulnerability management platforms
• Security certifications valued: CISSP, OSCP, AWS Security Specialty, or equivalent

‍

Why hire your Security Engineer through Recruiting from Scratch?

• Security engineering requires both development depth and security expertise — we screen for both sides of that equation
• 29-day average time to hire — security searches benefit from a pre-vetted pool of candidates with relevant certifications and experience
• 300+ placements at VC-backed companies across engineering and security functions
• Pre-vetted for hands-on security experience, not just compliance checkbox knowledge
• No upfront fees

Frequently Asked Questions: Security Engineer

What does a Security Engineer earn?

Based on our database of 512 real postings, a Security Engineer typically earns a median salary of $204K. Salaries for this role generally range from $172K to $232K, reflecting variations in experience, location, and company size. We ensure our clients are competitive with these figures to attract top talent.

How long does it take to hire a Security Engineer?

Hiring a Security Engineer can be a competitive process, with the industry average often ranging from 45 to 60 days. Through our specialized recruitment process and extensive network, we typically reduce this timeframe significantly. Our average time to placement for a Security Engineer is just 29 days, connecting you with qualified candidates faster.

What should you look for when hiring a Security Engineer?

When hiring a Security Engineer, prioritize candidates with a strong foundation in security principles, threat modeling, and incident response. Look for practical experience with various security tools and technologies, alongside a proactive problem-solving mindset. We advise clients to seek individuals who can not only identify vulnerabilities but also design and implement robust defenses.

How do you assess a Security Engineer candidate effectively?

Effective assessment involves a combination of technical interviews, practical exercises, and behavioral questions. We recommend scenario-based questions to gauge their problem-solving abilities under pressure and their understanding of real-world security challenges. Our process includes deep dives into their past projects to understand their contributions and decision-making processes.

Is Security Engineer typically a remote or in-person role?

The Security Engineer role has seen a significant shift towards remote work, especially in recent years. While some organizations prefer in-person or hybrid models for specific operational reasons, many companies successfully employ remote security teams. We find that offering flexibility can greatly expand the talent pool, allowing access to a wider range of skilled professionals across different geographies.

📊 Salary breakdown

Security Engineer salary by location

• All locations: $143K median ($115K–$185K typical range)
• San Francisco: $242K median, $176K–$310K range (+69% vs. national)
• New York: $156K median, $117K–$239K range (+9% vs. national)
• Remote: $165K median, $128K–$266K range (+15% vs. national)
• Denver: $123K median, $98K–$138K range (-14% vs. national)
• Seattle: $170K median, $133K–$200K range (+19% vs. national)
• Boston: $150K median, $146K–$165K range (+5% vs. national)
• Chicago: $123K median, $110K–$140K range (-14% vs. national)
• San Diego: $111K median, $106K–$117K range (-22% vs. national)

Highest paying companies

San Francisco

• OpenAI: $310K median
• Notion: $245K median

New York

• Unity: $97K median

Based on companies with 3+ active postings. Median of publicly advertised salary range.

What's typically included

• Health insurance: 46% of postings
• Equity (RSU/options): 56% of postings
• Flexible PTO: 32% of postings
• Parental leave: 14% of postings
• Learning/education budget: 12% of postings
• Visa sponsorship: 2% of postings

Typical experience required: 5–6 years.

Security salaries by seniority

• Security Engineer: $143K
• Security Engineering Manager: $165K
• Senior Security Engineer: $173K
• Security Lead: $175K
• Staff Security Engineer: $210K
• Head of Security / CISO: $221K

What does a Security Engineer do?

Security Engineers are security engineers and analysts who protect infrastructure, data, and applications. This benchmark reflects Mid-level base compensation at high-growth and AI-native companies.

Government wage data

For corroboration, U.S. Department of Labor certified wage filings (FY2026) show a median of $151K for Security Engineer roles, ranging $123K–$178K, across 163 filings. This is reported separately from — never blended with — the job-posting median above.

Common questions

What is the average Security Engineer salary at an AI startup?
The median pay is $143K, with a typical range of $115K–$185K, based on 460 public job postings collected in 2025–2026.

How does Security Engineer pay compare in San Francisco vs. remote?
San Francisco roles pay a median of $245K, while fully-remote roles pay $165K.

Where does this salary data come from?
It is aggregated from public job postings on company career pages — no private placement or client data. We require a minimum of 15 postings per role.

Methodology

Figures are the midpoint of each posting's advertised USD salary range, aggregated from 460 public job postings (2025–2026). The range shown is the 25th–75th percentile; the median is the 50th percentile. Equity is separate and not included; where a posting's range reflects on-target earnings (OTE) for commission roles, that is included in the midpoint. Roles require at least 15 postings to be published. Last refreshed June 29, 2026.

Hiring Security Engineers? RFS recruiters specialize in Security placements at AI-native and high-growth startups. Talk to an RFS recruiter →

Are you a Security Engineer? See open Security Engineer roles →